Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

Google, Microsoft, NASA and Nasdaq use Semmle's software engineering analytics to secure the software that runs the world

SAN FRANCISCO, August 21, 2018 — Semmle, a software engineering analytics platform, is launching globally today alongside the announcement of its $21 million Series B, led by Accel Partners, and with participation from Work-Bench. Developers and IT leaders at Capital One, Credit Suisse, Google, Microsoft, NASA and Nasdaq trust Semmle to help them create more secure and reliable code without slowing down. The investment, which brings Semmle’s total funding to $31 million, will be used to accelerate its go-to-market efforts serving large technology and financial services companies around the world. As part of the investment, Accel’s Ping Li and Vas Natarajan will join the board of directors.

Building and securing modern software applications and operating systems has become dramatically more expensive and complex to manage. Windows contains tens of millions of lines of code; the software in connected cars includes approximately 100 million lines; and Google’s portfolio of internet services includes about two billion lines. Today, it’s difficult for CIOs and engineers to trust that their code is secure and reliable, and even harder to have a view into who is working on what or where problems exist in the development pipeline. Critical vulnerabilities and 0-days that can expose their customers’ data and do irreparable damage to their brand (such as the Semmle-discovered Apache Struts vulnerability, similar to the one that led to the Equifax breach) often go unnoticed until they are exploited.

Semmle addresses the long-standing problem of making code semantically searchable by taking a unique approach that combines two distinct and seemingly incompatible disciplines: object-oriented programming and database logic.

“The greatest scientific and technological breakthroughs throughout history resulted from combining different disciplines, such as the use of computer science and biology to sequence the human genome,” said Dr. Oege de Moor, CEO of Semmle. “We built Semmle on this same principle, bringing together our 100+ patents in database technology and programming to enable deep semantic code search. With Semmle, CIOs, developers and security researchers can finally answer previously unanswerable questions about their code to find coding mistakes and 0-days that would otherwise be invisible.”

Software Engineering Analytics that Developers Love and CIOs Trust

Semmle’s LGTM analytics platform combines deep semantic code search with data science insights drawn from its community of 500,000 developers, helping teams better understand their code, their engineering processes and their people. LGTM stands for “Looks Good to Me,” a term commonly used by developers to sign off on each other’s work. LGTM is powered by QL, a query engine that lets developers and security researchers turn their source code into searchable relational data in order to spot critical errors, and the logical variants of those errors, that are virtually impossible to find any other way. The platform also uses AI techniques to present actionable recommendations for improvement to developers and managers, building on the data from the user community.
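The principle the release describes, decomposing source code into relational facts and then querying those facts to find a bug class and its variants, can be shown in miniature. The following is an added illustration written for this page; it is not Semmle’s code, not QL, and makes no claim about how LGTM is implemented. It uses Python’s standard `ast` and `sqlite3` modules: the sample source (SAMPLE_SOURCE), the list of shell-command sinks (SHELL_SINKS) and the table layout are all constructed for the example. The query finds every call to a shell sink whose first argument is derived from a function parameter, either directly or through one local assignment, which is what “a vulnerability and its logical variants” looks like once code is a database.

```python
import ast
import sqlite3

# Constructed sample input for the example: the same command-injection pattern
# written three different ways, plus two calls that should not match.
SAMPLE_SOURCE = '''
import os, subprocess

def run_report(user_input):
    os.system("report --name " + user_input)

def run_safe():
    os.system("report --name fixed")

def ping(host):
    cmd = f"ping -c 1 {host}"
    subprocess.call(cmd, shell=True)

def shell_out(arg):
    subprocess.run("ls " + arg, shell=True)

def echo(x):
    print("hello " + x)
'''

# Assumed sink list for the example; a real analysis would model many more.
SHELL_SINKS = ["os.system", "subprocess.call", "subprocess.run", "subprocess.Popen"]

# Relational view of the program: one row per call, per positional argument,
# per simple assignment, plus the sink list as a table so it can be joined.
SCHEMA = """
CREATE TABLE calls     (id INTEGER PRIMARY KEY, func TEXT, callee TEXT, lineno INTEGER);
CREATE TABLE call_args (call_id INTEGER, position INTEGER, is_literal INTEGER,
                        name TEXT, uses_param INTEGER);
CREATE TABLE assigns   (func TEXT, name TEXT, uses_param INTEGER);
CREATE TABLE sinks     (callee TEXT);
"""

# The "variant query": sink calls whose first argument reads a parameter directly,
# or is a local name that was assigned from a parameter-derived expression.
VARIANT_QUERY = """
SELECT DISTINCT c.func, c.callee, c.lineno
FROM calls c
JOIN sinks s      ON s.callee = c.callee
JOIN call_args a  ON a.call_id = c.id AND a.position = 0
LEFT JOIN assigns v ON v.func = c.func AND v.name = a.name
WHERE a.uses_param = 1 OR v.uses_param = 1
ORDER BY c.lineno
"""


def names_in(node):
    """All variable names read anywhere inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def qualname(node):
    """Render a call target such as os.system or print; None if it is not a plain name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class FactExtractor(ast.NodeVisitor):
    """Walk one module and write facts about calls and assignments into SQLite."""

    def __init__(self, conn):
        self.conn = conn
        self.func = None        # name of the enclosing function, None at module level
        self.params = set()     # positional parameter names of the enclosing function
        self.next_call_id = 0

    def visit_FunctionDef(self, node):
        saved = (self.func, self.params)
        self.func, self.params = node.name, {a.arg for a in node.args.args}
        self.generic_visit(node)
        self.func, self.params = saved

    def visit_Assign(self, node):
        # One row per `name = expr`, recording whether the RHS reads a parameter.
        uses_param = int(bool(names_in(node.value) & self.params))
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.conn.execute("INSERT INTO assigns VALUES (?, ?, ?)",
                                  (self.func, target.id, uses_param))
        self.generic_visit(node)

    def visit_Call(self, node):
        callee = qualname(node.func)
        if callee is not None:
            self.next_call_id += 1
            cid = self.next_call_id
            self.conn.execute("INSERT INTO calls VALUES (?, ?, ?, ?)",
                              (cid, self.func, callee, node.lineno))
            for pos, arg in enumerate(node.args):
                self.conn.execute(
                    "INSERT INTO call_args VALUES (?, ?, ?, ?, ?)",
                    (cid, pos, int(isinstance(arg, ast.Constant)),
                     arg.id if isinstance(arg, ast.Name) else None,
                     int(bool(names_in(arg) & self.params))))
        self.generic_visit(node)


def build_database(source):
    """Parse `source` and return an in-memory SQLite database of its facts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sinks VALUES (?)", [(s,) for s in SHELL_SINKS])
    FactExtractor(conn).visit(ast.parse(source))
    return conn


def analyze(source):
    """Return (function, callee, line) for every sink call fed parameter-derived data."""
    return build_database(source).execute(VARIANT_QUERY).fetchall()


if __name__ == "__main__":
    for func, callee, lineno in analyze(SAMPLE_SOURCE):
        print(f"line {lineno}: {func}() passes parameter-derived data to {callee}")
```

Run as a script it reports `run_report`, `ping` and `shell_out` while leaving `run_safe` (a literal command) and `echo` (not a sink) alone. The point of the relational form is in the LEFT JOIN: the `ping` variant, where the tainted string is built into a local before the call, is caught by joining the call’s argument against the assignment table rather than by adding a special case to the visitor. Extending the dataflow (more assignment steps, calls through helpers, sanitizers) means adding tables and joins, not rewriting the extractor.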

“My team needs to take advantage of the best tools available to keep Google Ads running and avoid exposing this critical system to risk,” said Google VP of Engineering and Semmle customer Asim Husain. “With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down. Semmle is the only solution that can do this and plays an important role in our engineering and security strategy.”

CIOs and development managers also use LGTM’s analytics to see how their engineering teams and individual developers are performing, and can benchmark the vulnerabilities in their code bases against other projects.

Backed by 10 years of development, 100+ Patents and 30+ PhDs

Semmle was co-founded by de Moor, a distinguished computer scientist and Oxford professor of more than 20 years, and his former PhD students, Pavel Avgustinov and Julian Tibble. Together, they've built a team of more than 60 cross-functional experts: computer scientists, biochemists, astrophysicists, clinical scientists and mathematicians, more than half of whom hold PhDs. The Semmle team spent 10 years researching and creating the solution that is now the QL engine behind Semmle’s LGTM platform; they now hold 82 technology patents, with an additional 25 patents pending.

“The stakes have never been higher for securing the world’s software,” said Accel’s Ping Li. “By making code searchable in a database, Semmle is redefining what’s possible in terms of fidelity of the analysis. It’s why Semmle is already trusted by the most innovative and valuable organizations in the world like Google and Microsoft.”

Semmle secures the software that runs the world with analytics developers love and CIOs trust. Software engineering and security teams at Credit Suisse, Dell, Google, Microsoft, NASA and Nasdaq depend on the Semmle analytics platform to create more reliable and trustworthy code without slowing down. Headquartered in San Francisco, Semmle is a privately held company funded by Accel, with additional offices in Copenhagen, New York City, Oxford, Seattle and Valencia, Spain. For more information, visit https://www.semmle.com.
